May 2018

May 14, 2018

On May 9th, the Fourth Circuit Court of Appeals issued a decision in US v. Kolsuz, a criminal appeal raising the question of how the Fourth Amendment applies to searches of electronic devices at the border. The Court ruled that in light of the immense privacy concerns, forensic searches of electronic devices seized at the border must be justified by individualized suspicion, or some reason to believe that a particular traveler had committed a crime.

The appeals court said border patrol officers had reasonable suspicion to conduct a forensic search of Hamza Kolsuz's cellphone, and they were entitled to rely on that standard based on case law that suggested it was, at most, all that was required. The officers had seized Kolsuz's phone after they found firearms parts that required an export license in his checked luggage. It was the third time weapons parts were found in his luggage. Even I have a hard time arguing with that one.

The forensic search of Kolsuz's phone produced information that included personal contact lists, e-mails, messenger conversations, photographs, videos, calendar, web browsing history, call logs and GPS tracking history. He was sentenced to 30 months in prison after a conviction for violating the Arms Export Control Act and conspiracy.

The federal government had contended that searches of electronic devices require no warrant or individualized suspicion under an exception that allows searches of suitcases at the border.

The decision is the first federal appellate ruling to require individualized suspicion in a border search of a cellphone since the U.S. Supreme Court ruled in Riley v. California in 2014 that police generally can't search the contents of a cellphone seized during an arrest, unless they get a warrant, according to the Electronic Frontier Foundation (EFF).

Under Riley's recognition of the extensive information stored on cellphones, the 4th Circuit said, the forensic search of Kolsuz's phone should be considered a nonroutine border search that requires some measure of individualized suspicion.

The EFF and the ACLU had filed amicus briefs urging the 4th Circuit to go further and hold that probable cause is needed before a search of electronic devices, whether it's a manual search or one using forensic software.

After arguments in the case, the Department of Homeland Security adopted a policy that treats forensic searches of digital devices as nonroutine border searches requiring reasonable suspicion of activity that violates the customs laws or in cases raising national security concerns, according to the opinion.

The ACLU and the EFF have filed a separate lawsuit that challenges warrantless searches of electronic devices at the border. And I remain on their side.

May 10, 2018

As a follow up to yesterday's post, it was interesting to read an article in The New York Times. The article reported the parent company of the New York Stock Exchange has been working on an online trading platform that would allow large investors to buy and hold Bitcoin.

The news of the virtual exchange, which has not been reported before, came after Goldman Sachs went public with its intention to open a Bitcoin trading unit — likely the first of its kind at a Wall Street bank.

The moves by Goldman and Intercontinental Exchange, or ICE, the parent company of the New York Stock Exchange, are fairly remarkable as Bitcoin is known primarily for its underworld associations and status as a high-risk, speculative investment.

Banks seem nervous about losing their place in the financial world. Bitcoin was intended to be used by consumers for all sorts of transactions without any financial institutions getting involved (you can imagine how banks hate that) and it now has become primarily a virtual investment, stored in digital wallets and traded on mostly unregulated exchanges around the world. People buy Bitcoin in the hope that its value will go up, as they might purchase gold or silver.

Could this all fall apart? Sure. Wall St. is hesitant to be closely associated with cryptocurrencies, for obvious reasons. Some large financial exchanges, including the Chicago Mercantile Exchange, have already created financial products linked to the price of Bitcoin, known as futures. But the new operation at ICE would provide more direct access to Bitcoin by putting the actual tokens in the customer's account at the end of the trade.

Paul Chou, a former trader at Goldman Sachs who set up LedgerX, a regulated Bitcoin exchange, said his company focuses on large Bitcoin holders, rather than financial institutions.

"The reason we got into crypto was not to partner with a bank, but to replace them," Mr. Chou said. "We deal with crypto holders directly in a way that really takes advantage of Bitcoin's strengths, while avoiding brokers, banks and other institutions that take multiple cuts of the transaction."

Goldman will initially only be trading futures contracts linked to Bitcoin's price. But Goldman executives said they were looking at moving in the direction of buying and selling actual Bitcoins.

That would be a remarkable move in many ways, and no doubt have many regulatory hurdles. But banks hate losing a piece of the action – this will no doubt be a continuously evolving story.

May 09, 2018

Warren Buffett has never hesitated to speak his mind. So I wasn't surprised when BGR posted that Warren had referred to Bitcoin as "rat poison squared" in an interview with CNBC. Bill Gates was no more charitable, saying, "As an asset class, you're not producing anything and so you shouldn't expect it to go up. It's kind of a pure 'greater fool theory' type of investment. I agree I would short it if there was an easy way to do it."

Berkshire Hathaway vice chairman Charlie Munger had an even more jarring take on cryptocurrency, categorizing the hype surrounding it as akin to "dementia." "I like cryptocurrencies a lot less than you do," Munger told Buffett at a Berkshire Hathaway shareholders meeting this weekend. "To me, it's just dementia. It's like somebody else is trading turds and you decide you can't be left out."

So there you have it. A pretty unvarnished view by very wealthy men. Rat poison and turds – interesting images indeed.

May 08, 2018

As reported in Above the Law (and many other places) Lina Franco, a New Jersey attorney acting as local counsel for a pair of plaintiffs seeking to file a class action over alleged labor law violations, missed a November 23, 2016 deadline to file for conditional class certification.

On December 9, sixteen days after the deadline, Franco filed her motion along with a letter explaining that she missed the deadline because of her mom's medical emergency that sent her unexpectedly to Mexico City.

On December 12 and 13, 2016, Defense counsel objected to Plaintiffs' late filing of the motion, stating that Ms. Franco's public Instagram account revealed that Ms. Franco was not in Mexico City when the motion was due on November 23, 2016. Plaintiff was in New York City and then Miami, Florida during the entire time she claimed to be in Mexico City because of her family emergency. In an accompanying declaration, the Defense attached screenshots of the Instagram photos as exhibits.

Franco's December 9 letter explained her absence on a family emergency in Mexico and came with an itinerary noting that she had a flight to Mexico City on Thursday, November 21, 2016. To quote the court: "However, November 21, 2016 was indisputably a Monday, not a Thursday." She rather weakly replied that she had been in a "tailspin" because of her mother's health and exercised poor judgment.

She was fined $10,000 and has said she would not contest the fine. That was the first smart thing I heard her say. But I'll bet she has filed away the fact that public social media postings that contradict a document filed with a court are probably never going to have a good outcome.

May 07, 2018

A Hot for Security post from Bitdefender reports on a survey of 2000 users by the password management experts at LogMeIn. 91 percent of people know that password recycling poses huge security risks, yet 59 percent still use the same password everywhere.

They know better but they do it. The number one reason for password reuse is fear of forgetfulness. If I was afraid of forgetfulness, I wouldn't get up in the morning. Number two was wanting to know and be in control of all their passwords, which is certainly made simpler by only having one. Good heavens.

And in bad news for businesses, 47 percent say there is no difference in passwords created for personal and work accounts. Only 19 percent are more careful with their work login details, and 38 percent never use the same password for work and personal accounts. Unfortunately, the other 62 percent do.

72% feel well informed on password best practices (though the survey results don't bear that out), but 64 percent of those also prefer a password that's easy to remember, and they admitted they always choose convenience over security. That part is certainly not news. While 91 percent are aware of the risks of password recycling, 58 percent generally or always use the same password or a similar variation of that password for most of their online accounts.

May 03, 2018

The Verge reported on May 1st that Facebook CEO Mark Zuckerberg has announced that Facebook is adding a new feature called Clear History to its privacy controls. Zuckerberg said, "It will be a simple control to clear your browsing history on Facebook — what you've clicked on, websites you've visited, and so on."

The first application of Clear History is tied (no surprise) to the Cambridge Analytica scandal. "Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account." Facebook has announced numerous steps in recent weeks designed to prevent third parties from collecting personal data from unknowing users.

It is not all happy news for users. As Zuckerberg noted, "To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here." The CEO warns that "your Facebook won't be as good while it relearns your preferences." Users and privacy advocates are unlikely to be pleased by the degradation in experience. And we are used to hearing that unless we give up privacy, performance degradation will occur. It seems to me that the geniuses at Facebook can do better.

Facebook says it's going to take "a few months" to build and release Clear History. So stay tuned – the intense heat on Facebook is unlikely to diminish.

May 02, 2018

Lawyers look at me blankly when I ask that question. But it is a question posed by Microsoft itself. Let me offer a small tidbit from Microsoft's "Introducing the Office 365 Secure Score" web page:

"Ever wonder how secure your Office 365 organization really is? Time to stop wondering - the Office 365 Secure Score is here to help. Secure Score analyzes your Office 365 organization's security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security."

Office 365 isn't magically secure out of the gate. It needs some help from your end. Secure Score looks at the Office 365 services you use and then looks at your settings and activities before assigning you a score that represents the quality of your security practices.

When we get a new client that is using Office 365, it is standard practice now to run "Secure Score." And the results are usually dreadful. You don't have to reach the pinnacle here – as we always say, the object is to "get to good."

May 01, 2018

Privacy and Cybersecurity Law reported recently that on March 14, 2018, IBM Security published the results of a new global study on organizational cybersecurity readiness and resiliency entitled "The 2018 Cyber Resilient Organization." The survey includes insights from more than 2,800 security and IT professionals, and establishes that cybersecurity readiness remains a critical challenge for businesses worldwide:

77% of respondents admit they do not have a formal cybersecurity incident response plan applied consistently across their organization;

77% of respondents report having difficulty retaining and hiring quality IT security professionals;

50% of respondents believe their incident response plan is either informal, ad hoc, or non-existent;

60% of respondents consider lack of investment in artificial intelligence and machine learning as the biggest barrier to achieving cyber resilience;

31% of respondents believe they have an adequate cybersecurity budget in place;

29% of respondents report having ideal staffing to achieve cyber resilience; and

23% of respondents say they do not currently have a CISO or security leader.

Sensei Enterprises, Inc.

3975 University Drive
Suite 225
Fairfax, VA 22030
703.359.0700

Disclaimer

This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.